Bug 377438 (alias: textfuzzer): [meta] Text fuzzer
Status: Closed, RESOLVED FIXED
Opened 18 years ago, closed 3 years ago
Categories: Core :: Fuzzing, defect
People: Reporter jruderman, Unassigned
References: Depends on 10 open bugs
Keywords: meta, sec-other; Whiteboard: [sg:nse meta]
Attachments: 1 file, 4 obsolete files (386 bytes, application/xhtml+xml)
roc asked me to make a fuzzer that tests Gecko's text and font code, so I made this. It makes text nodes containing random Unicode characters, emphasizing certain characters such as ZWNJ. The characters start out in separate text nodes, but they are combined with innerHTML and textContent.
So far (only running on Mac) it has found four bugs: 377231, 377232, 377314, 377360.
Simon, please advise me as to what characters I should test the most, what fonts to test, etc.
Comment 1 (Reporter) • 18 years ago
Comment 2 • 18 years ago
jshin, mscott, vlad and others are folks that have dealt with various font handling bugs in the past and might have ideas that might make interesting test cases.
Comment 3 (Reporter) • 18 years ago
To test, toss these two files into a directory with the stuff from bug 339948, and drag fuzzer-text.xhtml to the web browser.
Comment 4 (Reporter) • 18 years ago
* Test very large font sizes.
* Test wrapping and text-align: justify.
* Exclude '\r' to avoid bug 377461.
Mac Firefox (trunk with patch for bug 377231) survived for 10 minutes with no crashes or new assertions, and shut down without crashing. I haven't tested other platforms.
Attachment #261500 - Attachment is obsolete: true
Comment 5 (Reporter) • 18 years ago
* Test '\r' again (since a patch is available for bug 377461).
* Test Arabic more.
Attachment #261533 - Attachment is obsolete: true
Comment 6 (Reporter) • 18 years ago
* Really test '\r' again.
Attachment #261535 - Attachment is obsolete: true
Comment 7 • 18 years ago
Some more interesting chars:
German Szlig: 0x00DF
Backslash: 0x5C
A couple of chars in each of the ranges we have macros for here:
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/layout/base/nsBidiUtils.h&rev=1.11&root=/cvsroot&mark=197-244#197
Comment 8 • 18 years ago
I would test more combining characters, with characters from the same script and with characters from different scripts.
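The description says the fuzzer builds text nodes from random Unicode characters with extra weight on a few characters such as ZWNJ, then recombines them through innerHTML and textContent; comments 4 to 9 add '\r', U+00DF, backslash, Arabic, cross-script combining marks and the Aegean Numbers block. The generator below is an added example written for this page, not code from the bug's attachments or from the funfuzz repository. The character table, the block ranges, the 30% emphasis weight and the function names are assumptions chosen for the illustration; the seeded PRNG is there so that any input that triggers a crash can be regenerated from its seed.

```javascript
'use strict';

// Deterministic PRNG (mulberry32) so a crashing input can be regenerated from its seed.
function makeRng(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

function randInt(rng, lo, hi) {
  return lo + Math.floor(rng() * (hi - lo + 1));
}

// Characters the thread singles out (constructed table, not the fuzzer's own list).
const EMPHASIZED = [
  0x200C, // ZERO WIDTH NON-JOINER, the ZWNJ named in the description
  0x200D, // ZERO WIDTH JOINER
  0x000D, // '\r' (excluded in comment 4, re-enabled in comments 5 and 6)
  0x00DF, // LATIN SMALL LETTER SHARP S (comment 7)
  0x005C, // backslash (comment 7)
];

// Code point ranges to draw from, [first, last] inclusive. The choice of blocks is an
// assumption for this example; unassigned code points inside a block are kept on purpose.
const RANGES = {
  latin:       [0x0041, 0x007A],
  hebrew:      [0x05D0, 0x05EA],
  arabic:      [0x0621, 0x064A],   // comment 5: test Arabic more
  arabicMarks: [0x064B, 0x0652],   // combining marks belonging to the Arabic script
  combining:   [0x0300, 0x036F],   // generic combining diacritics (comment 8)
  aegean:      [0x10100, 0x1013F], // Aegean Numbers block (comment 9)
};
const RANGE_NAMES = Object.keys(RANGES);

function isAllowedCodePoint(cp) {
  if (EMPHASIZED.includes(cp)) return true;
  return RANGE_NAMES.some((n) => cp >= RANGES[n][0] && cp <= RANGES[n][1]);
}

// Pick one code point: with probability emphasisWeight an emphasized character, otherwise a
// uniform draw from a uniformly chosen range (so small blocks are not drowned out by large ones).
function pickCodePoint(rng, emphasisWeight) {
  if (rng() < emphasisWeight) {
    return EMPHASIZED[randInt(rng, 0, EMPHASIZED.length - 1)];
  }
  const [lo, hi] = RANGES[RANGE_NAMES[randInt(rng, 0, RANGE_NAMES.length - 1)]];
  return randInt(rng, lo, hi);
}

// Produce `count` short strings, one per intended text node. Mixing scripts inside one
// fragment is deliberate: combining marks end up on letters from other scripts (comment 8).
// excludeCR reproduces the comment 4 workaround for bug 377461.
function generateFragments(seed, count, opts = {}) {
  const o = { emphasisWeight: 0.3, maxLen: 6, excludeCR: false, ...opts };
  const rng = makeRng(seed);
  const fragments = [];
  for (let i = 0; i < count; i++) {
    const len = randInt(rng, 1, o.maxLen);
    let s = '';
    for (let j = 0; j < len; j++) {
      let cp;
      do { cp = pickCodePoint(rng, o.emphasisWeight); } while (o.excludeCR && cp === 0x000D);
      s += String.fromCodePoint(cp);
    }
    fragments.push(s);
  }
  return fragments;
}

// The two combination paths from the description. textContent takes the string literally;
// innerHTML runs it through the HTML parser, so markup-significant characters are escaped
// here (the parser may still normalize some characters, '\r' among them).
function combineAsText(fragments) {
  return fragments.join('');
}
function combineAsMarkup(fragments) {
  return fragments
    .map((s) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;'))
    .join('');
}

// Browser-only driver (assumed usage): separate text nodes first, then both combined forms.
function applyToDocument(fragments, container) {
  container.textContent = '';
  for (const s of fragments) container.appendChild(document.createTextNode(s));
  container.textContent = combineAsText(fragments);
  container.innerHTML = combineAsMarkup(fragments);
}
```

In a browser harness you would call `applyToDocument(generateFragments(seed, 50), someElement)` in a loop over seeds, logging the seed with each iteration; the same seed then regenerates the exact fragments for a reduced test case. The Node-runnable part (everything except `applyToDocument`) lets the character selection be checked offline.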
Updated • 18 years ago
Whiteboard: [sg:nse meta]
Comment 9 • 17 years ago
Some of the characters on this page should be included:
http://alanwood.net/unicode/aegean_numbers.html
(it caused a crash in bug 365923)
Updated (Reporter) • 17 years ago
Alias: textfuzzer
Comment 10 (Reporter) • 17 years ago
Comment on attachment 261536 [details]
fuzzer-text.js
fuzzer-text.js has been incorporated into fuzzer-combined.js, which lives in bug 339948.
Attachment #261536 - Attachment is obsolete: true
Comment 11 (Reporter) • 9 years ago
This is now a public DOMFuzz module:
https://github.com/MozillaSecurity/funfuzz/blob/master/dom/fuzzer/modules/unicode-characters.js
The list of "interesting characters for layout" is in values.js:
https://github.com/MozillaSecurity/funfuzz/blob/46515be03a1f73cbaa310971d0d04b13eb29da51/dom/fuzzer/values.js#L576
Group: core-security
Updated • 8 years ago
Component: Tracking → Platform Fuzzing Team
Comment 12 • 3 years ago
The bug assignee didn't log in to Bugzilla in the last 7 months.
:decoder, could you have a look please?
For more information, please visit auto_nag documentation.
Assignee: jruderman → nobody
Flags: needinfo?(choller)
Updated • 3 years ago
Summary: Text fuzzer → [meta] Text fuzzer
Updated • 3 years ago
Status: NEW → RESOLVED
Closed: 3 years ago
Flags: needinfo?(choller)
Resolution: --- → FIXED